Decompilation of the installed app
Searching for sensitive information hard-coded within the app
Verifying the security of locally stored credentials
Checking that SSL certificates and signatures are properly validated
Discovering insecure use of cryptography for transmitting data or for local storage
Source code analysis (if appropriate)
Checking that automatic updates do not provide a conduit for attackers to install arbitrary code
Verifying all sensitive information is removed after uninstalling the app
Looking for unintended transmission of data, such as the user’s phonebook when it is not required

The app testing service also includes testing of the web services used by the app. The following aspects are examined in detail to ensure that the backend servers do not expose customer data to other parties:

Server configuration errors
Loopholes in server code or scripts
Advice on data that could have been exposed due to past errors
Testing for known vulnerabilities
Reducing the risk and enticement to attack
Advice on fixes and future security plans

Within my scope of work, I will:

Identify the issues,Give advice on how to fix themAnd control how they are fixed.